CS 458/658 S14 Modules

A draft of the lecture slides for each module will be made available the evening before the module begins. The final version of the lecture slides will be made available after the module is completed and replaces the draft. Use of the draft is at your own risk!

You are expected to have read the indicated sections of the textbook before the corresponding lecture.

Readings marked as mandatory contain required material for the course, and must be read before the date of the corresponding lecture.

, -->
Lecture dateTextbook sections
1 (PDF)
Lecture 1 6 May 1.1 – 1.11
Optional reading: The 10 privacy principles of PIPEDA
2 (PDF)
Lecture 2 8 May 3.1, 3.2
Mandatory reading before class: Smashing The Stack For Fun And Profit
Optional reading: On the Evolution of Buffer Overflows
Optional reading: Exploiting Format String Vulnerabilities
Optional reading: Example format string vulnerabilities (November 2011, May 2012)
Optional reading: A Taxonomy of Computer Program Security Flaws, with Examples
Lecture 3 13 May 3.3
Lecture 4 15 May 3.4
Optional reading: Morris worm
Optional reading: The Spread of the Sapphire/Slammer Worm; also: Slammed!
Optional reading: New Cookie Technologies: Harder to See and Remove, Widely Used to Track You
Mandatory reading before class: Reflections on Trusting Trust
Optional reading: Linux Kernel "Back Door" Attempt; also: The backdooring of SquirrelMail
Optional reading: Salami attacks
Lecture 5 20 May 3.5
Optional reading: Clickjacking attack
Optional reading: The inside story of the Conficker worm ; also: Conficker C Analysis
Optional reading: Two-factor Man-in-the-Middle attacks: ABN Ambro incident; Citibank incident
Optional reading: MITM Malware Re-Writes Online Bank Statements
Optional reading: An operating system kernel with a formal proof of security
Optional reading: Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
3 (PDF)
Lecture 6 22 May 4.1, 4.2, 4.3, 4.4
Optional reading: Android permissions demystified
Optional reading: Caja: Capability-based Javascript. Project webpage; draft specification
Lecture 7 27 May 4.5
Optional reading: How Hackers Snatch Real-Time Security ID Numbers; A Closer Look: Perkele Android Malware Kit
Optional reading: Why passwords have never been weaker - and crackers have never been stronger; 25-GPU cluster cracks every standard Windows password in <6 hours
Optional reading: The top 50 woeful passwords exposed by the Adobe security breach
Optional reading: Fighting Hackers: Everything You've Been Told About Passwords Is Wrong
Optional reading: Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder
Optional reading: Passwords Storage in a Nutshell; Password Security: A Case History
Lecture 8 29 May 5.1, 5.2
Optional reading: 'Fake fingerprint' Chinese woman fools Japan controls
Optional reading: Breaking facial recognition Vietnamese security firm: Your face is easy to fake, Android facial recognition based unlocking can be fooled with photo
Optional reading: Reverse-Engineered Irises Look So Real, They Fool Eye-Scanners
Optional reading: Fingerprints and forensics Computing the Scene of a Crime, High-Tech, High-Risk Forensics
Lecture 9 3 Jun 5.3, 5.4, 5.5
Mandatory reading before class: The Protection of Information in Computer Systems, section I.A. (only section I.A. is mandatory)
Optional reading: The Security Principles of Saltzer and Schroeder, illlustrated with scenes from Star Wars
Optional reading: Reliably Erasing Data From Flash-Based Solid State Drives
Optional reading: SELinux
4 (PDF)
Lecture 10 5 Jun 7.1
Optional reading: How I Lost My $50,000 Twitter Username
Optional reading: How I almost lost my $500,000 Twitter user name @jb... and my startup
Optional reading: Fake social media ID duped security-aware IT guys
Lecture 11 10 Jun 7.2
Optional reading: The New Threat: Targeted Internet Traffic Misdirection
Optional reading: Cybercrime 2.0: When the Cloud Turns Dark
Optional reading: Pakistan hijacks YouTube; The flap heard around the world; Egypt leaves the Internet; Why Google Went Offline Today and a Bit about How the Internet Works
Optional reading: The DDoS That Knocked Spamhaus Offline (And How We Mitigated It); The DDoS That Almost Broke the Internet; Biggest DDoS ever aimed at Cloudflare's content delivery network; Technical Details Behind a 400Gbps NTP Amplification DDoS Attack
Optional reading: The Inside Story of the Kelihos Botnet Takedown; Gameover; Backstage with the Gameover Botnet Hijackers
Lecture 12 12 Jun 7.3, 7.4
5 (PDF)
Lecture 13 17 Jun 2.4
Optional reading: COPACOBANA
Optional reading: A Stick Figure Guide to AES
Optional reading: Defeating AES without a PhD
Lecture 14 19 Jun 2.7
Optional reading: Theoretical attacks yield practical attacks on SSL, PKI
Optional reading: Crypto breakthrough shows Flame was designed by world-class scientists
Lecture 15 24 Jun 2.8, 7.3
Optional reading: Tree of Trust (red: root CA; green: intermediate CA)
Optional reading: Lest We Remember: Cold Boot Attacks on Encryption Keys
Optional reading: Intercepting Mobile Communications: The Insecurity of 802.11
Lecture 16 26 Jun 7.3, 10
Optional reading: Cracking WEP in 60 seconds
Optional reading: Turkish Registrar Enabled Phishers to Spoof Google, also Comodogate and DigiNotar incident
Lecture 17 3 Jul 7.3, 10
Optional reading: The Tor Project
Optional reading: Stakeout: how the FBI tracked and busted a Chicago Anon
Optional reading: SSH: passwords or keys?
Lecture 18 8 Jul 7.3, 10
Optional reading: Mixminion
Optional reading: De-Anonymizing Alt.Anonymous.Messages
Optional reading: How to build trust in crypto
Optional reading: Off-the-Record Messaging
6 (PDF)
Lecture 19 10 Jul 6.1 – 6.7
Optional reading: Social Security Numbers Deduced From Public Data
Lecture 20 15 Jul 6.8, 10.4
Lecture 21 17 Jul 6.8, 10.4
Optional reading: Boston Bomber slipped past while spelling glitch tripped up the law
Optional reading: How Obama Officials Cried 'Terrorism' to Cover Up a Paperwork Error
Optional reading: A Face Is Exposed for AOL Searcher No. 4417749
Optional reading: ℓ-Diversity: Privacy Beyond k-Anonymity
Optional reading: t-Closeness: Privacy Beyond k-Anonymity and ℓ-Diversity
Optional reading: Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization
7 (PDF)
Lecture 22 22 Jul 8.1, 8.2, 8.3
Optional reading: Investigation into the loss of a hard drive at Employment and Social Development Canada
Optional reading: IST's continuity plan in case of a pandemic
Optional reading: UW's emergency response policy
Optional reading: Stealing Commodities
Optional reading: PogoWasRight.org, databreaches.net, OSF DataLossDB
Lecture 23 24 Jul 8.4, 11.1, 11.2
Optional reading: The Computer Centre Incident at Concordia
Optional reading: Waterloo's Electronic Media Disposal Guidelines
Lecture 24 31 Jul 11.4, 11.5, 11.6
Optional viewing: A Fair(y) Use Tale
Optional viewing: The great copyright battle: UBC's bold stand against Access Copyright
Optional viewing: Unintended Consequences: Ten Years under the DMCA
Optional reading: The Athens Affair, SISMI-Telecom scandal
Optional reading: Bruce Schneier on Full Disclosure, Google's view, Microsoft's view
Optional reading: Codes of ethics: ACM IEEE CIPS